Description
Hi hoterran,
Through some fuzzing I found a bad SQL string that can cause a SIGABRT in the application.
Source file: https://www.dropbox.com/s/idjh5jjfhzyphrf/864e1fd3?dl=0
To reproduce:
format 864e1fd3
Output:
1: error: syntax error
1: error: mystery character '�'
1: error: mystery character ''
<<<<<< This file has 1 sql, success 1, failure 0 >>>>>
-------------------------------------------------------------------------
SELECT
format: format.c:265: print_expr_item: Assertion `((void *)0)' failed.
rim,6883072 - 0Aborted (core dumped)
_Backtrace from GDB_:
#0 0x00007ffff7a4abb9 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x00007ffff7a4dfc8 in __GI_abort () at abort.c:89
#2 0x00007ffff7a43a76 in __assert_fail_base (fmt=0x7ffff7b952b0 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x455d40 "((void *)0)", file=file@entry=0x455d37 "format.c", line=line@entry=265, function=function@entry=0x455fe0 <__PRETTY_FUNCTION__.4250> "print_expr_item") at assert.c:92
#3 0x00007ffff7a43b22 in __GI___assert_fail (assertion=assertion@entry=0x455d40 "((void *)0)", file=file@entry=0x455d37 "format.c", line=line@entry=265, function=function@entry=0x455fe0 <__PRETTY_FUNCTION__.4250> "print_expr_item") at assert.c:101
#4 0x0000000000409aa5 in print_expr_item (i=<optimized out>, indent=<optimized out>) at format.c:265
#5 0x00000000004038af in selectColumn (indent=1, stmt=0x691960) at format.c:423
#6 stmt (indent=0, stmt={void (int, Stmt *)} 0x401bf0 <main+2296>) at format.c:839
#7 main (ac=<optimized out>, av=<optimized out>) at format.c:914
#8 0x00007ffff7a35ec5 in __libc_start_main (main=0x4012c0 <main>, argc=2, argv=0x7fffffffe118, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe108) at libc-start.c:287
#9 0x000000000040439c in _start ()
System Details:
AMD64
Distributor ID: Ubuntu
Description: Ubuntu 14.04.1 LTS
Release: 14.04
Codename: trusty
Found with the fuzzer American Fuzzy Lop ( http://lcamtuf.coredump.cx/afl/ )
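The backtrace above ends in `assert(NULL)` inside `print_expr_item`, reached from `selectColumn` for a parsed statement: a "can't happen" branch that fuzzed input shows can happen, so the whole process dies with SIGABRT. The following is an added illustration, not code from the format project or from this report; the `ExprKind` enum, the `ExprItem` struct and the function names are hypothetical stand-ins for whatever the real parser produces. It puts the crashing pattern next to a form that reports the unhandled item kind to the caller so one bad statement fails instead of the process.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical expression-item kinds (constructed for this example; not the
 * formatter's real types). EXPR_UNKNOWN stands for anything the parser can
 * emit that the printer was never taught about. */
typedef enum { EXPR_NAME, EXPR_NUMBER, EXPR_STRING, EXPR_UNKNOWN = 99 } ExprKind;

typedef struct {
    ExprKind    kind;
    const char *text;
} ExprItem;

/* The crashing pattern. assert(NULL) in the default branch is a promise that
 * the parser never hands over a kind the printer cannot handle. When fuzzed
 * input breaks that promise the process aborts (the SIGABRT in the report).
 * Built with -DNDEBUG the assert disappears and the item is silently
 * skipped, which is no better for a formatter. */
static void print_expr_item_asserting(const ExprItem *i, int indent)
{
    printf("%*s", indent * 2, "");
    switch (i->kind) {
    case EXPR_NAME:
    case EXPR_NUMBER: printf("%s\n", i->text);   break;
    case EXPR_STRING: printf("'%s'\n", i->text); break;
    default:
        assert(NULL); /* "Assertion `((void *)0)' failed" */
    }
}

/* Hardened form: an unknown kind is an input error, not an invariant
 * violation, so it is reported and returned to the caller.
 * Returns 0 on success, -1 on an unhandled kind. */
static int print_expr_item_checked(const ExprItem *i, int indent)
{
    printf("%*s", indent * 2, "");
    switch (i->kind) {
    case EXPR_NAME:
    case EXPR_NUMBER: printf("%s\n", i->text);   return 0;
    case EXPR_STRING: printf("'%s'\n", i->text); return 0;
    default:
        fprintf(stderr, "error: unhandled expression item kind %d\n", (int)i->kind);
        return -1;
    }
}

/* Caller in the role of selectColumn: prints the column list of one SELECT
 * and stops at the first item the printer rejects.
 * Returns the number of items printed, or -1 if an item was rejected, so the
 * per-file success/failure counter can record the statement as failed. */
static int format_select_columns(const ExprItem *items, size_t n, int indent)
{
    for (size_t k = 0; k < n; k++) {
        if (print_expr_item_checked(&items[k], indent) != 0)
            return -1;
    }
    return (int)n;
}

int main(void)
{
    /* Constructed sample: a well-formed column list and one that carries a
     * kind the printer does not know. */
    const ExprItem good[] = { { EXPR_NAME, "id" }, { EXPR_STRING, "x" } };
    const ExprItem bad[]  = { { EXPR_NAME, "id" }, { EXPR_UNKNOWN, "?" } };

    printf("good: %d\n", format_select_columns(good, 2, 1));
    printf("bad:  %d\n", format_select_columns(bad, 2, 1));
    (void)print_expr_item_asserting; /* shown for contrast, deliberately not run */
    return 0;
}
```

The fix direction this suggests for a real formatter is the same in either branch of the trade-off: either the parser rejects the item kind before the printer sees it, or the printer treats an unhandled kind as a per-statement error. Only truly unreachable states, ones no input can produce, belong behind `assert`; anything a fuzzer can reach through a file argument is input validation.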